update tls

This commit is contained in:
fatedier 2020-09-18 20:06:09 +08:00
parent 4fff3c7472
commit 1e420cc766
4 changed files with 14 additions and 12 deletions

View File

@ -52,6 +52,10 @@ protocol = tcp
# if tls_enable is true, frpc will connect frps by tls
tls_enable = true
# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8

View File

@ -103,6 +103,10 @@ max_ports_per_client = 0
# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false
# tls_cert_file = server.crt
# tls_key_file = server.key
# tls_trusted_ca_file = ca.crt
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com

View File

@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
if cfg.TLSEnable == false {
if cfg.TLSCertFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense")
fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
}
if cfg.TLSKeyFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense")
fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
}
if cfg.TLSTrustedCaFile != "" {
fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense")
fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
}
}
return
}

View File

@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
cfg.TLSTrustedCaFile = tmpStr
cfg.TLSOnly = true
}
return
@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
}
}
func (cfg *ServerCommonConf) Check() (err error) {
if cfg.TLSOnly == false {
if cfg.TLSTrustedCaFile != "" {
err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
return
}
}
return
func (cfg *ServerCommonConf) Check() error {
return nil
}